Hello everyone,

I have an application where I have to send several small pieces of data per second through the network using UDP. The application needs to send the data in real time (no waiting). I want to encrypt this data and ensure that what I am doing is as secure as possible.

Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated.

Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets).

However, I am concerned about a few things: each packet contains a small amount of data (like a couple of integer values per packet), which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application.

So my question is, what are the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flawed? ...Overkill? ...

Please note that I am not asking for a 100% secure solution, as there is no such thing.

Cheers
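
An added example, not part of the original post or its answers: the scheme the question describes (salt sent once, 128-bit key derived from the passphrase, fresh random IV per datagram, AES-128-CBC) written with Node.js `crypto`. The choice of PBKDF2, the HMAC-SHA256 tag, the iteration count, the packet layout, the function names and the sample values are assumptions of this example; the tag is included because CBC on its own gives no integrity protection.

```javascript
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv,
        createHmac, timingSafeEqual } = require('crypto');

const ITERATIONS = 200000; // assumed PBKDF2 work factor; sets the cost of each offline guess
const TAG_LEN = 32, IV_LEN = 16;

// Run once per session on both ends; the salt travels in the clear.
// 32 bytes out: 16 for the AES-128 key, 16 for the HMAC key.
function deriveKeys(passphrase, salt) {
  const okm = pbkdf2Sync(passphrase, salt, ITERATIONS, 32, 'sha256');
  return { enc: okm.subarray(0, 16), mac: okm.subarray(16) };
}

// Datagram = IV (16) || AES-128-CBC ciphertext || HMAC-SHA256(IV || ciphertext) (32).
function seal(keys, plaintext) {
  const iv = randomBytes(IV_LEN); // fresh per packet, so equal readings encrypt differently
  const c = createCipheriv('aes-128-cbc', keys.enc, iv);
  const body = Buffer.concat([iv, c.update(plaintext), c.final()]);
  return Buffer.concat([body, createHmac('sha256', keys.mac).update(body).digest()]);
}

// Returns the plaintext, or null for a truncated or modified datagram.
function open(keys, datagram) {
  if (datagram.length < IV_LEN + 16 + TAG_LEN) return null;
  if ((datagram.length - TAG_LEN) % 16 !== 0) return null;
  const body = datagram.subarray(0, -TAG_LEN);
  const want = createHmac('sha256', keys.mac).update(body).digest();
  if (!timingSafeEqual(datagram.subarray(-TAG_LEN), want)) return null; // check tag before decrypting
  const d = createDecipheriv('aes-128-cbc', keys.enc, body.subarray(0, IV_LEN));
  return Buffer.concat([d.update(body.subarray(IV_LEN)), d.final()]);
}

// Constructed sample: two 32-bit readings per packet, delivered out of order.
function demo() {
  const salt = randomBytes(16);
  const keys = deriveKeys('constructed example passphrase', salt);
  const reading = Buffer.alloc(8);
  reading.writeInt32BE(1200, 0);
  reading.writeInt32BE(-7, 4);
  const [p1, p2] = [seal(keys, reading), seal(keys, reading)];
  const tampered = Buffer.from(p1);
  tampered[20] ^= 0x01; // one flipped ciphertext bit
  return { sameBytes: p1.equals(p2), late: open(keys, p2), first: open(keys, p1), bad: open(keys, tampered) };
}

console.log(demo());
```

Each datagram carries its own IV and tag, so it decrypts independently of loss or reordering; an 8-byte payload becomes a 64-byte datagram in this layout.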

A: 

If your problem is that the data is too small, how about extending the data with random bytes? This will make the plaintext much harder to guess.

Amnon
Yes, you are right. I thought about this but didn't mention it above as I haven't implemented it yet. I will see what others suggest.
temp
+1  A: 

You have several choices. You can use DTLS, which is a version of TLS adapted for datagrams. It is specified in an RFC and implemented in the openssl library. You can also use the IKE/IPsec protocol and use a UDP encapsulation of the IPsec portion. Usually IPsec is available at the OS level. You can also use OpenVPN, which looks to be a hybrid of TLS for key exchange and a proprietary UDP-based packet encryption protocol.

GregS
DTLS/IPSec are interesting protocols for my problem. They might help in strengthening the key generation, but I doubt they will do anything about the small data problem, which I should handle by myself. I will explore them more. Thanks
temp
I'm not too clear on what exactly the "small data" problem is, but yet another choice is to use the SRTP protocol, RFC 3711. DTLS for key management and SRTP for the data (RFC 5764) is the IETF choice for secure VoIP, and that has many small frames going back and forth.
GregS